CyberSecurity news

FlagThis - #Spyware

Jay Peters@The Verge //
A US judge has ruled that the Israeli software company NSO Group is liable for hacking 1,400 WhatsApp users using its Pegasus spyware. The court found that NSO Group exploited a vulnerability in WhatsApp to target journalists, activists, politicians, and other individuals. NSO Group has been found to have violated the Computer Fraud & Abuse Act and the California Comprehensive Computer Data Access and Fraud Act, along with breaching its contract with WhatsApp.

This ruling is a major victory for WhatsApp, which initiated legal action in 2019. The judge rejected NSO Group's argument that it was not liable because its clients were investigating crimes and national security matters. A trial will now proceed to determine the damages that NSO Group will owe WhatsApp. This landmark decision is being seen as a precedent for other companies in the spyware industry.

References :
  • Hacker News: US judge finds Israel's NSO Group liable for hacking journalists via WhatsApp (posted on 2024.12.20 at 20:38:23)
  • toot.majorshouse.com: Israeli software group is being held liable for attacks on journalists, activists, and politicians. Pegasus spyware maker NSO Group is liable for attacks on 1,400 WhatsApp users
  • The Verge: Pegasus spyware maker NSO Group is liable for attacks on 1,400 WhatsApp users
  • Techmeme: A US judge finds NSO Group liable for exploiting a bug in WhatsApp to spy on 1,400 users and that WhatsApp is entitled to sanctions against NSO (Joseph Menn/Washington Post)
  • bsky.app: major victory for WhatsApp in this finding of NSO Grp liability. really is a landmark. spyware like Pegasus is like a silent virus, aiming to leave no fingerprints. thanks not only to WhatsApp for bringing this action but orgs like @citizenlab.ca for exposing NSO in the first place!
  • Martin: Mastodon post about the NSO Group liability.
  • Osint10x: Judge rules NSO Group is liable for spyware hacks targeting 1,400 WhatsApp user devices
  • DataBreaches.Net: US Court Finds NSO Liable For Hacking Of WhatsApp Using Pegasus Malware
  • Techmeme: A US judge finds NSO Group liable for exploiting a bug in WhatsApp to spy on 1,400 users and that WhatsApp is entitled to sanctions against NSO
  • www.techmeme.com: Techmeme post about the NSO Group being found liable.
  • CCC: WhatsApp prevailed against over NSO’s abuse of the messaging app to enable the infiltration of phones of journalists, activists and dissidents with its hacking tool
  • www.engadget.com: Judge finds spyware-maker NSO Group liable for attacks on WhatsApp users
  • International homepage: WhatsApp prevailed against over NSO’s abuse of the messaging app to enable the infiltration of phones of journalists, activists and dissidents with its hacking tool
  • www.courtlistener.com: IT'S FRIDAY NIGHT AND YOU KNOW WHAT THAT MEANS. IT'S TIME FOR reading the WhatsApp v. NSO Group court docket
  • cyberinsider.com: Pegasus Spyware Maker NSO Liable for 1,400 WhatsApp User Hacks
  • CyberScoop: Judge grants ruling in favor of WhatsApp against spyware firm NSO Group
  • BleepingComputer: A U.S. federal judge has ruled that Israeli spyware maker NSO Group violated U.S. hacking laws by using WhatsApp zero-days to deploy Pegasus spyware on at least 1,400 devices.
  • CyberInsider: Pegasus Spyware Maker NSO Liable for 1,400 WhatsApp User Hacks
  • jbz: US judge finds Israel's NSO Group liable for hacking in WhatsApp lawsuit
  • securityaffairs.com: U.S. Court rules against NSO Group in WhatsApp spyware Lawsuit
  • cyberscoop.com: Judge grants ruling in favor of WhatsApp against spyware firm NSO Group
  • www.bleepingcomputer.com: US court finds spyware maker NSO liable for WhatsApp hacks
  • techcrunch.com: WhatsApp scores historic victory against NSO Group in long-running spyware hacking case
  • AAKL: WhatsApp scores historic victory against NSO Group in long-running spyware hacking case
  • Carly Page: WhatsApp has scored a historic victory against NSO Group after a US judge said the Israeli spyware maker breached hacking laws by using the messaging platform to stealthily infect devices with Pegasus
  • The Hacker News: Meta Platforms-owned WhatsApp scored a major legal victory in its fight against Israeli commercial spyware vendor NSO Group after a federal judge in the U.S. state of California ruled in favor of the messaging giant for exploiting a security vulnerability to deliver Pegasus.
  • ciso2ciso.com: A U.S. court ruled in favor of WhatsApp against NSO Group, holding the spyware vendor liable for exploiting a flaw to deliver Pegasus spyware. WhatsApp won a legal case against NSO Group in a U.S. court over exploiting a vulnerability to deliver Pegasus spyware.
  • Cybernews: Before 2020, Pegasus infected 1,400 devices to surveil WhatsApp. Last week, a US court held NSO Group liable for computer crimes.
  • ciso2ciso.com: CISO2CISO reports on U.S. Court ruling against NSO Group in WhatsApp spyware lawsuit.
  • Risk and Resilience: Risk and Resilience reports about WhatsApp securing a landmark ruling against Pegasus Spyware in hacking lawsuit.
  • ciso2ciso.com: Spyware Maker NSO Group Liable for WhatsApp User Hacks
  • Schneier on Security: Spyware Maker NSO Group Found Liable for Hacking WhatsApp
  • riskandresilience.info: WhatsApp Secures Landmark Ruling Against Pegasus Spyware in Hacking Lawsuit
  • www.theguardian.com: WhatsApp wins legal case against NSO Group in Pegasus spyware lawsuit.
  • DMR News: WhatsApp Defeats NSO Group in Long-Running Pegasus Spyware Case
  • securityonline.info: Pegasus Spyware: Court Finds NSO Group Liable for 1,400 Infections
  • Pyrzout :vm:: Spyware Maker NSO Group Liable for WhatsApp User Hacks – Source: www.infosecurity-magazine.com
  • Cyber Security News: WhatsApp Wins 5-Year Battle Over NSO’s Pegasus Spyware Attacks
  • ciso2ciso.com: WhatsApp Wins Lawsuit Against Israeli Spyware Maker NSO Group – Source:hackread.com
  • ciso2ciso.com: Spyware Maker NSO Group Found Liable for Hacking WhatsApp – Source: www.schneier.com
  • Pyrzout :vm:: Spyware Maker NSO Group Found Liable for Hacking WhatsApp – Source: www.schneier.com
  • iHLS: Court Rules NSO Group Liable for WhatsApp Surveillance Using Pegasus Malware
  • Pyrzout :vm:: WhatsApp Wins Lawsuit Against Israeli Spyware Maker NSO Group – Source: hackread.com

Tim Starks@Threats | CyberScoop //
Amnesty International has revealed that Serbian police and intelligence services are using Cellebrite's forensic tools to extract data from the mobile phones of journalists and activists, followed by the installation of a new Android spyware called NoviSpy. This method of surveillance involves unlocking devices using Cellebrite, which is capable of bypassing device passcodes, and then loading them with the NoviSpy malware. The spyware can capture sensitive personal data, including screenshots, location data, and audio and microphone recordings, and can turn on phone cameras. The report highlights how this combination of technology allows Serbian authorities to conduct extensive covert surveillance operations against civil society.

Cellebrite technology is typically used for data extraction; using it to enable spyware installation marks a concerning development in digital surveillance tactics. Amnesty International documented two cases where Cellebrite tools were used to unlock devices before spyware was installed. Once installed, NoviSpy can access a wide range of data, allowing Serbian authorities to monitor individuals in a pervasive manner. While Cellebrite asserts its tools cannot plant spyware, this incident raises significant concerns about the potential misuse of such technology and its implications for human rights and freedom of speech.

References :
  • Threats | CyberScoop: Amnesty International exposes Serbian police’s use of spyware on journalists, activists
  • securitylab.amnesty.org: “We are all in the form of a digital prison, a digital gulag”: Cellebrite phone hacking and spyware
  • 404 Media: Cellebrite Unlocked This Journalist’s Phone. Cops Then Infected it With Malware
  • Amnesty International: Serbia: Authorities using spyware and Cellebrite forensic extraction tools to hack journalists and activists
  • Zack Whittaker: New, by : Amnesty says it's identified spyware on the phones of a Serbian journalist, whose phone was physically seized during a traffic stop and opened using Cellebrite phone-unlocking tools.
  • techcrunch.com: Serbian police used Cellebrite to unlock, then plant spyware, on a journalist’s phone
  • bsky.app: Serbian police used Cellebrite to unlock, then plant spyware, on a journalist's phone | TechCrunch
  • Zack Whittaker: Cellebrite, which made the phone-unlocking tech that Serbian authorities used to plant the spyware, told us that its tools alone cannot be used to plant spyware — "a third-party would have to do that."
  • The Hacker News: NoviSpy Spyware Installed on Journalist's Phone After Unlocking It With Cellebrite Tool
  • CCC: “We are all in the form of a digital prison, a digital gulag”: Cellebrite phone hacking and spyware
  • infosec.exchange: NEW: Amnesty International has documented two cases where Serbian authorities used Cellebrite to unlock the phones of a journalist and an activist.
  • Dataconomy: Serbian police allegedly use NoviSpy spyware to monitor journalists
  • BleepingComputer: The Serbian government exploited Qualcomm zero-days to unlock and infect Android devices with a new spyware named 'NoviSpy,' used to spy on activists, journalists, and protestors.
  • Joseph Cox: New: Cellebrite is being used as doorway to install malware. Amnesty finds multiple cases where police used Cellebrite to unlock phone; cops then used that access to infect with spyware which takes screenshots, turns on mic, etc, give phone back to target. In Serbia
  • Techmeme: Amnesty International: Serbian authorities used phone hacking startup Cellebrite's tools to unlock a journalist's phone before infecting the device with malware (Joseph Cox/404 Media)
  • securityaffairs.com: Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware
  • appleinsider.com: Undisclosed HomeKit flaw used by Cellebrite to attack Serbian journalists
  • Help Net Security: Serbian police and intelligence officers used Cellebrite forensic extraction software to unlock journalists’ and activists’ phones and install previously unknown Android spyware called NoviSpy
  • evacide: The Serbian government is using Cellebrite and Novispy to spy on journalists and activists, says Amnesty Tech
  • JosephMenn: A new report from Amnesty shines a harsh light on device-cracking companies like Cellebrite, which police are using to inject spyware onto the phones of activists and journalists.
  • Cybernews: Governments may be using mobile forensic products from Cellebrite to hack high-profile targets and install spyware on their Android devices.

Pierluigi Paganini@securityaffairs.com //
Russian state-aligned hackers are exploiting the "Linked Devices" feature in Signal Messenger to conduct cyber-espionage campaigns. Google's Threat Intelligence Group (GTIG) has uncovered these campaigns, revealing that the hackers are using phishing tactics to gain unauthorized access to Signal accounts. These campaigns involve tricking users into linking their devices to systems controlled by the attackers.

The phishing campaigns abuse the legitimate "Linked Devices" feature in the Signal messaging app: the hackers employ sophisticated methods to trick targets into linking their Signal account to a device controlled by the attacker, which compromises the targets' secure communications.

References :
  • cyberinsider.com: Russian Hackers Exploit Signal’s Linked Devices to Spy on Users
  • BleepingComputer: Russian threat actors have been launching phishing campaigns that exploit the legitimate "Linked Devices" feature in the Signal messaging app to gain unauthorized access to accounts of interest.
  • www.bleepingcomputer.com: Russian threat actors have been launching phishing campaigns that exploit the legitimate "Linked Devices" feature in the Signal messaging app to gain unauthorized access to accounts of interest.
  • CyberInsider: Google's Threat Intelligence Group (GTIG) has uncovered a series of cyber-espionage campaigns by Russian state-aligned hackers targeting Signal Messenger accounts.
  • securebulletin.com: Russia-Aligned actors intensify targeting of Signal Messenger
  • securityaffairs.com: Russia-linked threat actors exploit Signal messenger
  • Talkback Resources: Russian Groups Target Signal Messenger in Spy Campaign [app] [social]
  • cloud.google.com: Russian Threat Actors targeting Signal messenger accounts used by individuals of interest to Russia's intelligence services. The goal seems to be espionage or military reconnaissance in context of war in Ukraine.
  • bsky.app: Russian Threat Actors targeting Signal messenger accounts used by individuals of interest to Russia's intelligence services. The goal seems to be espionage or military reconnaissance in context of war in Ukraine. https://cloud.google.com/blog/topics/threat-intelligence/russia-targeting-signal-messenger
  • cyble.com: Russia-Linked Actors Exploiting Signal Messenger’s “Linked Devices” Feature for Espionage in Ukraine
  • Talkback Resources: State-aligned threat actors, particularly from Russia, are targeting Signal Messenger accounts through phishing campaigns to access sensitive government and military communications, exploiting the app's "linked devices" feature for eavesdropping on secure conversations.
  • cyberscoop.com: Russian-aligned threat groups dupe Ukrainian targets via Signal
  • Talkback Resources: Signals of Trouble: Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger [social]
  • Threats | CyberScoop: Russia-aligned threat groups dupe Ukrainian targets via Signal
  • www.onfocus.com: Google Threats on Signals of Trouble
  • cyberriskleaders.com: Russian Hackers Targeting Ukrainian Signal Users with Malicious QR Codes
  • arstechnica.com: Russia-aligned hackers are targeting Signal users with device-linking QR codes Swapping QR codes in group invites and artillery targeting are latest ploys.
  • MeatMutts: Google Warns of Russian Hacking Campaign Targeting Ukraine’s Military on Signal
  • Talkback Resources: Hackers Exploit Signal's Linked Devices Feature to Hijack Accounts via Malicious QR Codes
  • thecyberexpress.com: Russian state-sponsored hackers are ramping up efforts to compromise Signal messenger accounts, particularly those used by Ukrainian military personnel, government officials, and other key figures.

@techcrunch.com //
Italian spyware maker SIO is distributing malicious Android applications that masquerade as popular apps like WhatsApp. According to an exclusive report by TechCrunch, the spyware, dubbed "Spyrtacus," is designed to steal private data from a target's device. Researchers have linked this spyware campaign to SIO, a company that claims to partner with law enforcement agencies, government organizations, police, and intelligence agencies, including the Italian government.

The spyware campaign involves distributing malicious Android apps disguised as popular applications and cellphone provider tools. Security researchers at Lookout identified the spyware as "Spyrtacus" after finding the term in the code of an older malware sample. Spyrtacus possesses capabilities typical of government spyware, including the ability to steal text messages and chats from various messaging platforms, exfiltrate contacts, and record phone calls and ambient audio. At this time, the identities of the spyware targets and victims remain unknown.

References :
  • infosec.exchange: NEW: We caught another government spyware vendor, which made fake Android apps masquerading as WhatsApp and cellphone providers' apps. The spyware, called Spyrtacus, was made by SIO. The company says on its official website that it partners "Law Enforcement Agencies, Government Organizations, Police and Intelligence Agencies," and sells to Italian government. At this point, we don't have information on who were the spyware targets and victims.
  • Zack Whittaker: Incredible reporting by , who caught an Android spyware campaign in the wild. The spyware, dubbed "Spyrtacus," masquerades as popular apps like WhatsApp, but steals victims' phone data. Researchers linked the spyware to Italian firm SIO.
  • Pietro395 :proton::  Italian spyware maker SIO, known to sell its products to government customers, is behind a series of malicious Android apps that masquerade as WhatsApp and other popular apps but steal private data from a target’s device, TechCrunch has exclusively learned.
  • techcrunch.com: Spyware maker caught distributing malicious Android apps for years
  • infosec.exchange: NEW: We caught another government spyware vendor, which made fake Android apps masquerading as WhatsApp and cellphone providers' apps.
  • Techmeme: Sources: Italian spyware maker SIO created malicious Android apps that masquerade as WhatsApp and other apps; a researcher says they were likely used in Italy (Lorenzo Franceschi-Bicchierai/TechCrunch)
  • www.dday.it: Very nice find (in 🇮🇹) by tech site Digital Day. Spyware maker SIO attempted to sell Spyrtacus through an intermediary to an Italian prosecutor's office in Sicily, but was rejected because law says the owner of the product is the one that must apply to the tender.

@techcrunch.com //
A data breach has impacted users of the spyware applications Cocospy and Spyic, potentially exposing sensitive personal data including messages, photos, and call logs. These consumer-grade spyware apps, sometimes called stalkerware or spouseware, covertly monitor private information on Android devices. The Cocospy breach alone exposed almost 1.8 million customer email addresses, which have been added to the Have I Been Pwned database.

TechCrunch reported on the breach and released a guide with steps for checking Android devices for stalkerware, as well as how to safely remove it. Stalkerware apps are often downloaded from outside official app stores, planted without permission, and hidden on the device to avoid detection. Signs of infection include unusual device behavior like overheating, slow performance, or excessive data usage.

References :
  • cyberinsider.com: A data breach in the spyware applications Cocospy and Spyic has exposed the personal data of millions of people, including sensitive information such as messages, photos, and call logs.
  • haveibeenpwned.com: In February 2025, the spyware service . The Cocospy breach alone exposed almost 1.8M customer email addresses which were provided to HIBP, and reportedly also enabled unauthorised access to captured messages, photos, call logs, and more.
  • Dataconomy: This stalkerware breaches your Android: Fix it now
  • Zack Whittaker: We also have guidance on what you can do if you think you've been compromised by Cocospy and Spyic, which can affect both Android and iPhone/iPad users.
  • Digital Information World: Secret Phone Surveillance Apps Are Stealing Data—Are You a Target?

@feeds.feedburner.com //
Apple is notifying users who are likely targets of government-sponsored spyware, but is redirecting them to third-party security labs instead of performing in-house forensic analysis. This decision stems from Apple's concern that in-depth analysis could reveal spyware capabilities to the attackers. The company is alerting victims that their devices are potentially compromised by mercenary spyware and specifically directing them to seek assistance from the nonprofit Access Now, which runs a digital security lab specializing in this area.

This approach is supported by cybersecurity experts who work with at-risk individuals such as human rights defenders and journalists. They agree that Apple is taking the correct course by informing users while abstaining from forensic analysis. John Scott-Railton, a senior researcher at the Citizen Lab, noted that the notifications have been a “game changer for spyware accountability research.” The notifications from Apple, according to Access Now, indicate a high confidence in the warning, emphasizing the importance of taking it seriously. Apple’s stance comes from an incident where they declined to analyze devices belonging to campaign staff of US vice president Kamala Harris after they triggered an anomaly detection tool.

References :
  • infosec.exchange: LorenzoFB's Mastodon post on Apple's spyware notifications.
  • Zack Whittaker: Zack Whittaker's Mastodon post on Apple's spyware notifications.
  • techcrunch.com: TechCrunch article about Apple sending victims to a nonprofit lab.
  • Techmeme: Experts say Apple's spyware notifications for victims are a game changer for research; the notifications direct the victims to nonprofit security lab Access Now (Lorenzo Franceschi-Bicchierai/TechCrunch)

@shaarli.maynier.eu //
Former Polish Justice Minister Zbigniew Ziobro has been arrested by Polish police in connection with the illegal use of NSO Group's Pegasus spyware. The arrest follows a probe into the previous government's use of the spyware, with allegations that Ziobro signed off on government funds to pay for the technology. He is also accused of supervising cases where the spyware was deployed, suggesting a potential abuse of power.

This action is part of a broader investigation initiated by the new prime minister to address the alleged targeting of nearly 600 individuals in Poland by spyware attacks between 2017 and 2022. The probe has been ongoing for years, with a Senate commission previously finding "gross violations of constitutional standards" related to the deployment of Pegasus to hack an opposition politician's device in 2019, even alleging the 2019 elections were tainted by the use of Pegasus.

References :
  • CCC: Poland’s spyware probe has been going on for years: Police now arrested the former justice minister. He had refused to attend hearings on the deployment
  • Links: Former Polish justice minister arrested in sprawling spyware probe | The Record
  • www.techdirt.com: Poland’s Justice Minister Arrested For Illegal Use Of NSO Group Malware | Techdirt ｢ Polish police on Friday arrested the country’s former justice minister, alleging that he signed off on the use of government money to pay for spyware used to snoop on opposition leaders and supervised cases where the technology was deployed ｣

OODA Analyst@OODAloop //
This cluster reports on findings by iVerify regarding the widespread use of Pegasus spyware. The research indicates a broader impact than previously known, affecting not just high-profile individuals but also ordinary users. This underscores the ongoing threat of sophisticated spyware and the need for robust mobile security.

References :
  • arstechnica.com: Ars Technica article about the discovery of seven Pegasus infections.
  • OODAloop: Oodaloop article highlighting the widespread nature of Pegasus infections.
  • iHLS: New scans by iVerify uncover seven instances of Pegasus infections, suggesting this spyware is more widespread than previously believed.
  • www.itprotoday.com: Pegasus spyware infections proliferate across iOS and Android devices.